Skip to content

Commit

Permalink
Make sure all macos steps use the same keychain
Browse files Browse the repository at this point in the history
  • Loading branch information
@olsen232
olsen232 committed Nov 24, 2023
1 parent 48648aa commit b7b8df9
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 3 deletions.
7 changes: 6 additions & 1 deletion .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -735,6 +735,8 @@ jobs:
MACOS_CODESIGN_ID: ${{ secrets.MACOS_CODESIGN_ID }}
MACOS_PKGSIGN_ID: ${{ secrets.MACOS_PKGSIGN_ID }}
MACOS_NOTARIZE_KEYCHAIN_PROFILE: "NOTARIZE_AUTH"
MACOS_NOTARIZE_KEYCHAIN_FILENAME: "signing_temp"
MACOS_NOTARIZE_KEYCHAIN: "~/Library/Keychains/signing_temp.keychain-db"
# X.Y version needs to match PY_VER:
PY_VER_INSTALLER: "https://www.python.org/ftp/python/3.11.6/python-3.11.6-macos11.pkg"

Expand Down Expand Up @@ -891,6 +893,8 @@ jobs:
uses: apple-actions/import-codesign-certs@v1
if: env.MACOS_SIGN_BUNDLE == 'ON'
with:
# This action auto generates the keychain password (only works if the keychain name is "signing_temp").
keychain: ${{ env.MACOS_NOTARIZE_KEYCHAIN_FILENAME }}
p12-file-base64: ${{ secrets.MACOS_APP_CERT }}
p12-password: ${{ secrets.MACOS_CERT_PW }}

Expand All @@ -904,7 +908,8 @@ jobs:
xcrun notarytool store-credentials "$MACOS_NOTARIZE_KEYCHAIN_PROFILE" \
--apple-id "$MACOS_NOTARIZE_USER" \
--team-id "$MACOS_NOTARIZE_TEAMID" \
--password "$MACOS_NOTARIZE_PW"
--password "$MACOS_NOTARIZE_PW" \
--keychain "$MACOS_NOTARIZE_KEYCHAIN"
- name: "bundle: assemble"
uses: lukka/run-cmake@v10.6
Expand Down
1 change: 1 addition & 0 deletions CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -381,6 +381,7 @@ if(MACOS)
execute_process(
COMMAND ${XCODE_XCRUN} notarytool submit \${CPACK_TEMPORARY_PACKAGE_FILE_NAME}
--keychain-profile \"$ENV{MACOS_NOTARIZE_KEYCHAIN_PROFILE}\"
--keychain \"$ENV{MACOS_NOTARIZE_KEYCHAIN}\"
--wait --timeout ${MACOS_NOTARIZE_TIMEOUT}
COMMAND_ECHO NONE
COMMAND_ERROR_IS_FATAL ANY)
Expand Down
6 changes: 4 additions & 2 deletions cmake/KartBundle.cmake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,10 @@ elseif(MACOS AND MACOS_SIGN_BUNDLE)
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pyinstaller/dist
COMMAND ${XCODE_DITTO} -c -k --sequesterRsrc --keepParent "Kart.app"
"kart-bundle-notarize.zip"
COMMAND ${XCODE_XCRUN} notarytool submit kart-bundle-notarize.zip --keychain-profile
"$ENV{MACOS_NOTARIZE_KEYCHAIN_PROFILE}" --wait --timeout ${MACOS_NOTARIZE_TIMEOUT}
COMMAND ${XCODE_XCRUN} notarytool submit kart-bundle-notarize.zip
--keychain-profile "$ENV{MACOS_NOTARIZE_KEYCHAIN_PROFILE}"
--keychain "$ENV{MACOS_NOTARIZE_KEYCHAIN}"
--wait --timeout ${MACOS_NOTARIZE_TIMEOUT}
COMMAND ${XCODE_XCRUN} stapler staple Kart.app
COMMAND ${XCODE_SPCTL} --assess -t execute -vvv Kart.app
COMMAND ${CMAKE_COMMAND} -E touch ${CMAKE_CURRENT_BINARY_DIR}/pyinstaller/notarize.stamp
Expand Down

0 comments on commit b7b8df9

Please sign in to comment.